This is a log of my installation/Compilation of Apache DSO
with SSL, MM, and Tomcat 3.1 Beta 1 (source distribution) under Linux RH 6.1
(i.e., for kernel 2.2.x).
You may want to read my FAQ on Tomcat 3.1 beta 1. since it will be
easier to follow this installation log. It is available at:
http://www.ccl.net/cca/software/UNIX/apache/tomcat3.1b1-faq.html
This stuff if based on INSTALL file which comes with mod_ssl
and on the
http://www.servlets.com/soapbox/techtips/
December 8, 1999
"Install instructions for Apache 1.3.9 with Tomcat 3.0"
by Jason Hunter.
If you are outside US, please look into INSTALL which comes
with mod_ssl, since you do not need RSAREF and can use more
robust code [your 8) and apache configure will be different].
1) You actually may need a Korn shell to save yourself editing
since some scripts require it. It is called Public Domain
Korn shell, "pdksh". The easiest way is to get it as RPM from
http://rufus.w3.org/
for RH 6.1. Go to:
http://rufus.w3.org/linux/RPM/redhat/6.1/i386/PByName.html
click on pdksh-5.2.14-1 and then do "Save Link to file" for the
link "pdksh-5.2.14-1 RPM for i386".
Copy the pdksh-5.2.14-1.i386.rpm to /usr/src/redhat/RPMS/i386
cd /usr/src/redhat/RPMS/i386
rpm -Uhv pdksh-5.2.14-1.i386.rpm
2) Install Java 1.2 under linx RH 6.1
Note... Usually, you do not have Java installed. But with older
Linuces, there were various ports to Java (e.g., Kaffe). You have
to remove them from your system. If you are not sure if you have
java installed and in the path, just type
java
and see what happens. If it says: java: command not found
you are OK.
Java -- took jdk1.2 from one of the mirrors of www.blackdown.org
North America
1.ftp://iodynamics.com/pub/mirror/linux-jdk/
2.ftp://ftp.infomagic.com/pub/mirrors/linux/Java/
3.ftp://metalab.unc.edu/pub/linux/devel/lang/java/blackdown.org/
4.ftp://xfer.nitric.com/pub/java-linux
5.http://xfer.nitric.com/pub/java-linux
There is also JDK for linux available from Sun, in:
http://java.sun.com/products/jdk/1.2/download-linux.html
It is supposedly suitable for older Linux kernel. I do not know.
I used RH6.1 and blackdown 1.2.2_RC4.
I actually took Release 4 from
ftp://iodynamics.com/pub/mirror/linux-jdk/JDK-1.2.2/i386/rc4/
What you need is a file:
jdk-1.2.2-RC4-linux-i386-glibc-2.1.2.sh
I placed it in my usual download directory: /usr/local/src/java
Then I ran the self installing shell script as:
chmod 755 \
/usr/local/src/java/jdk-1.2.2-RC4-linux-i386-glibc-2.1.2.sh
cd /usr/local
/usr/local/src/java/jdk-1.2.2-RC4-linux-i386-glibc-2.1.2.sh
It installed the JDK 1.2.2 in /usr/local/jdk1.2.2
4) Set your environment variables for Java (I am assuming you use
some Bourne shell lookalike -- ksh or bash.
JAVA_HOME=/usr/local/jdk1.2.2
export JAVA_HOME
PATH=/usr/local/bin:${JAVA_HOME}/bin:${PATH}
export PATH
CLASSPATH=${JAVA_HOME}/lib/tools.jar:${JAVA_HOME}/lib/dt.jar
export CLASSPATH
5) Make top directory for Tomcat installation. I did
/usr/local/apache_t3.1b1 but if you do some other, you
need to remember to use it in the instructions below,
mkdir /usr/local/apache_t3.1b1
6) I also make a subdirectory sources to have all needed sources
in one place.
mkdir /usr/local/apache_t3.1b1/sources
cd /usr/local/apache_t3.1b1/sources
place there tar files, and then unpack them as shown below:
a) apache_1.3.12.tar.gz from http://www.apache.org/dist/
gtar zxvf apache_1.3.12.tar.gz
b) mod_ssl-2.6.2-1.3.12.tar.gz from http://www.modssl.org
gtar zxvf mod_ssl-2.6.2-1.3.12.tar.gz
c) openssl-0.9.5.tar.gz from http://www.openssl.org
gtar zxvf openssl-0.9.5.tar.gz
d) mm-1.0.12.tar.gz from http://www.engelschall.com/sw/mm/
gtar zxvf mm-1.0.12.tar.gz
e) rsaref20.tar.Z -- it is no longer distributed, and I got it
from my private museum. It is available from many places
on the Web outside US. Search the Web FOR RSAREF 2.0.
mkdir rsaref-2.0
cd rsaref-2.0
gtar Zxvf ../rsaref20.tar.Z
cd ..
f) tar.gz sources for tomcat 3.1 beta 1 from
http://jakarta.apache.org/builds/tomcat/release/v3.1_beta_1/src
jakarta-ant.tar.gz
jakarta-tomcat.tar.gz
jakarta-tools.tar.gz
jakarta-watchdog.tar.gz
I untarred them as:
cd /usr/local/apache_t3.1b1/sources
gtar zxvf jakarta-ant.tar.gz
gtar zxvf jakarta-tomcat.tar.gz
gtar zxvf jakarta-tools.tar.gz
gtar zxvf jakarta-watchdog.tar.gz
7) Compiled RSAREF library for openssl since we are in US and RSA has
a patent, and we cannot use the decent implementation of crypto
libraries. If you are in Europe, you can skip this thing.
cd /usr/local/apache_t3.1b1/sources/rsaref-2.0
cp -rp install/unix local
cd local
edited makefile to have
CC = gcc
changed all occurrances of cc --> $(CC)
added -fPIC to CFLAGS
make
mv rsaref.a librsaref.a
8) Compiled the openssl [if you are in Europe, you need to
check the mod_ssl INSTALL not to include RSAREF]
cd /usr/local/apache_t3.1b1/sources/openssl-0.9.5
sh config \
-L/usr/local/apache_t3.1b1/sources/rsaref-2.0/local/rsaref -fPIC
make
make test
9) Compiled MM shared memory library
cd /usr/local/apache_t3.1b1/sources/mm-1.0.12
./configure --disable-shared
make
cd ..
10) Configured mod_ssl
cd /usr/local/apache_t3.1b1/sources/mod_ssl-2.6.2-1.3.12
EAPI_MM=../mm-1.0.12 \
./configure \
--with-apache=/usr/local/apache_t3.1b1/sources/apache_1.3.12
11) Configure and make and install Apache with DSO support:
cd /usr/local/apache_t3.1b1/sources/apache_1.3.12
SSL_BASE=/usr/local/apache_t3.1b1/sources/openssl-0.9.5 \
RSA_BASE=/usr/local/apache_t3.1b1/sources/rsaref-2.0/local \
EAPI_MM=/usr/local/apache_t3.1b1/sources/mm-1.0.12 \
./configure --prefix=/usr/local/apache_t3.1b1 \
--enable-module=so \
--enable-rule=SHARED_CORE \
--enable-module=most \
--enable-shared=max \
--enable-module=ssl \
--enable-shared=ssl
make
make certificate TYPE=custom
make install
My entries for certificates with
make certificate TYPE=custom
were defaults, no passwords, and:
STEP 0: R
STEP 2:
1. Country Name [XY]:US
2. State or Province Name [Snake Desert]:Ohio
3. Locality Name [Snake Town]:Columbus
4. Organization Name [Snake Oil, Ltd]:OSC
5. Organizational Unit Name [Cer..Authority]:Gateway
6. Common Name [Snake Oil CA]:pse.ccl.net
7. Email Address [ca@snakeoil.dom]:jkl@ccl.net
8. Certificate Validity [365]:1000
STEP 3: 3
STEP 5:
1. Country Name [XY]:US
2. State or Province Name [Snake Desert]:Ohio
3. Locality Name [Snake Town]:Columbus
4. Organization Name [Snake Oil, Ltd]:OSC
5. Organizational Unit Name [Webserver Team]:PSE
6. Common Name [www.snakeoil.dom]:pse.ccl.net
7. Email Address [www@snakeoil.dom]:jkl@ccl.net
8. Certificate Validity [365]:1001
STEP 6: 3
STEP 7:n
STEP 8:n
12) edited a file in /usr/local/apache_t3.1b1/conf/httpd.conf and
added (actually uncommented):
ServerName pse.ccl.net
13) Testing if Apache works:
a) make sure other installation of apache is not running,
or if it runs, it does not use port 80 and port 443.
(do: ps auwx | grep httpd), and if httpd runs, kill it
with its own apachectl script or just use (not recommended)
killall httpd
b) start apache with:
/usr/local/apache_t3.1b1/bin/apachectl startssl
If you have warning, you have a problem, and try to
do "exactly what I say" next time {:-)}.
c) Use your browser (preferable on some other machine)
and check if http: and https: work
In my case, I tries URLs:
http://pse.ccl.net/
and
https://pse.ccl.net/
In the https case you should get a lot of windows
which ask you for accepting the certificate.
Just click Next to see if you can go through to the
page.
d) Stop apache, since you are not finshed yet.
/usr/local/apache_t3.1b1/bin/apachectl stop
14) Compiled mod_jserv.so included in jakarta-tomcat zip archive.
First, I added a correction from tomcat-dev@jakarta.apache.org list:
In jserv_ajpv12.c in function original_uri(request_rec *r)
the line :
while (*last && !ap_isspace(*last)) {
needs to be changed to
while (*last && !ap_isspace(*last) && *last != '?') {
cd /usr/local/apache_t3.1b1/sources
cd jakarta-tomcat/src/native/apache/jserv
/usr/local/apache_t3.1b1/bin/apxs -c mod_jserv.c jserv*.c
cp mod_jserv.so /usr/local/apache_t3.1b1/libexec
15) Building and installing tomcat
cd /usr/local/apache_t3.1b1/sources/jakarta-ant
./bootstrap.sh
./build.sh
PATH=${PATH}:/usr/local/apache_t3.1b1/sources/jakarta-ant/bin
export PATH
ANT_HOME=/usr/local/apache_t3.1b1/sources/jakarta-ant
export ANT_HOME
cd /usr/local/apache_t3.1b1/sources/jakarta-tomcat
./build.sh
16) Starting stand alone tomcat and testing:
cd /usr/local/apache_t3.1b1/sources/build/tomcat/bin
edited startup.sh to be:
-------------------- cut start --------------
#!/bin/sh
# original comments which where there
JAVA_HOME=/usr/local/jdk1.2.2
export JAVA_HOME
PATH=/usr/local/bin:${JAVA_HOME}/bin:${PATH}
PATH=${PATH}:/usr/local/apache_t3.1b1/sources/build/tomcat/bin
export PATH
CLASSPATH=${JAVA_HOME}/lib/tools.jar:${JAVA_HOME}/lib/dt.jar
export CLASSPATH
BASEDIR=/usr/local/apache_t3.1b1/sources/build/tomcat/bin
export BASEDIR
$BASEDIR/tomcat.sh start "$@"
-------------------- cut end --------------
edited shutdown.sh to be:
-------------------- cut start --------------
#!/bin/sh
# original comments which where there
JAVA_HOME=/usr/local/jdk1.2.2
export JAVA_HOME
PATH=/usr/local/bin:${JAVA_HOME}/bin:${PATH}
PATH=${PATH}:/usr/local/apache_t3.1b1/sources/build/tomcat/bin
export PATH
CLASSPATH=${JAVA_HOME}/lib/tools.jar:${JAVA_HOME}/lib/dt.jar
export CLASSPATH
BASEDIR=/usr/local/apache_t3.1b1/sources/build/tomcat/bin
export BASEDIR
$BASEDIR/tomcat.sh stop "$@"
-------------------- cut end --------------
Then I did:
./startup.sh
In my browser I called:
http://pse.ccl.net:8080/
and it gave me the Tomcat examples page. Examples worked, so I shut down.
./shutdown.sh
17) Added tomcat.conf to httpd.conf by adding a line:
Include /usr/local/apache_t3.1b1/sources/build/tomcat/conf/tomcat.conf
at the end of /usr/local/apache_t3.1b1/conf/httpd.conf
18) In /usr/local/apache_t3.1b1/bin
cp apachctl apache-tomcat
and edited apache-tomcat to have a script to start/stop tomcat/apache
a) At the beginning, just after "END CONFIGURATION SECTION" I added:
TOMCAT_HOME=/usr/local/apache_t3.1b1/sources/build/tomcat
export TOMCAT_HOME
JAVA_HOME=/usr/local/jdk1.2.2
export JAVA_HOME
PATH=$JAVA_HOME/bin:${PATH}
export PATH
b) under case startssl added 2 lines after: if $HTTPD -DSSL; then
cd $TOMCAT_HOME/bin
./startup.sh
c) under case stop added 2 lines after: if kill $PID ; then
cd $TOMCAT_HOME/bin
./shutdown.sh
d) changed apache-tomcat to executable :
chmod 755 /usr/local/apache_t3.1b1/bin/apache-tomcat
19) Started the apache/tomcat as:
/usr/local/apache_t3.1b1/bin/apache-tomcat startssl
and checked if http://pse.ccl.net/examples and
https://pse.ccl.net/examples worked. They did, so I killed the
server with:
/usr/local/apache_t3.1b1/bin/apache-tomcat stop
20) changed permissions/ownership on the example directories
cd /usr/local/apache_t3.1b1/sources/build/tomcat/webapps
chown -R root.users .
chmod -R g+w .
find . -type d -exec chmod g+s {} \;
cd /usr/local/apache_t3.1b1/sources/build/tomcat/logs
chown -R nobody .
chmod -R g+w .
21) Changed ports. Since we have the previous (3.1M1) version of apache/tomcat
running, I had to change ports in this version not to collide with the
other installation:
Orig New Files affected
http(apache) --> 80 --> 9080 conf/httpd.conf
https --> 443 --> 9443 conf/httpd.conf
http(tomcat) --> 8080 --> 9090 sources/build/tomcat/conf/server.xml
sources/build/tomcat/conf/test-tomcat.xml
tomcat/jserv --> 8007 --> 9007 sources/build/tomcat/conf/tomcat.conf
sources/build/tomcat/conf/tomcat.properties
sources/build/tomcat/conf/server.xml
22) After tomcat/apache is installed, the default configuration of
mod_jserv.c and mod_rewrite_c is wrong, since mod_jserv follows
mod_rewrite (for details look up:
http://www.magiccookie.com/computers/apache-jserv/
To fix it I put mod_serv before mod_rewrite in
LoadModule jserv_module libexec/mod_jserv.so
LoadModule rewrite_module libexec/mod_rewrite.so
and
AddModule mod_jserv.c
AddModule mod_rewrite.c
and commented out the line
# LoadModule jserv_module libexec/mod_jserv.so
in /usr/local/apache_t3.1b1/sources/build/tomcat/conf/tomcat.conf
23) Adding other tomcat "web applications" beside "examples"
so they can also be access via Apache Web server.
/usr/local/apache_t3.1b1/sources/build/tomcat/webapps/ROOT
/usr/local/apache_t3.1b1/sources/build/tomcat/webapps/test
/usr/local/apache_t3.1b1/sources/build/tomcat/webapps/admin
Note, I also provide for the Basic Authentication in both
http and https. If you want to be picky, you need to disable
the Basic Authentication on the http port since it is profoundly unsafe.
To mount the original Tomcat directories I added following lines to:
/usr/local/apache_t3.1b1/sources/build/tomcat/conf/tomcat.conf
ApJServMount /docs /root
AuthType Basic
AuthName "For internal users only"
AuthUserFile /usr/local/apache/auth/avspass
AuthGroupFile /usr/local/apache/auth/avspeople
AuthType Basic
require group avs
ApJServMount /test /root
AuthType Basic
AuthName "For internal users only"
AuthUserFile /usr/local/apache/auth/avspass
AuthGroupFile /usr/local/apache/auth/avspeople
AuthType Basic
require group avs
ApJServMount /admin /root
AuthType Basic
AuthName "For internal users only"
AuthUserFile /usr/local/apache/auth/avspass
AuthGroupFile /usr/local/apache/auth/avspeople
AuthType Basic
require group avs
In /usr/local/apache_t3.1b1/sources/build/tomcat/conf/server.xml added:
(note, I left the entry:
unchanged, since it corresponds to a TOP directory of Tomcat).
Unfortunately, this messed up the links in the original tomcat examples
when viewed via Apache port (9080). It is becausein Tomcat the URL
to top directory / corresponds to real directory:
/usr/local/apache_t3.1b1/sources/build/tomcat/webapps
while in Apache it corresponds to
/usr/local/apache_t3.1b1/htdocs
Moreover, the /docs in apache corresponds to / in tomcat.
I cleaned it up by adding following contexts
ApJServMount /docs/examples /root
ApJServMount /docs/test /root
ApJServMount /docs/admin /root
to /usr/local/apache_t3.1b1/sources/build/tomcat/conf/tomcat.conf
and adding them to
24) To deal with docs/examples --> /examples problem I also tried to use
rewrite modules of apache. I have put the following lines into
/usr/local/apache_t3.1b1/sources/build/tomcat/conf/tomcat.conf
RewriteEngine On
RewriteRule ^/docs/examples /examples [R]
RewriteRule ^/docs/test /test [R]
RewriteRule ^/docs/admin /admin [R]
RewriteRule ^/tomcat.gif /docs/tomcat.gif [R]
Worked perfectly!!! Note, if you do not put mod_jserv before mod_rewrite
in module activation section of httpd.conf, the stuff will not work!!!
25) But this was about original Tomcat examples and stuff, which I did not
want to move, so I have something to relate to. For production you
need to put your web applications under the Web Document Tree of Apache,
i.e., the directory which is given on the line:
DocumentRoot "/some/directory/on/your/machine"
in the httpd.conf file for your server (or virtual server).
To do this, I created a skeleton of the web application called AVS
and mounted it as AVS under Apache DocumentRoot. My $APACHE_HOME
is /usr/local/apache_t3.1b1. I created directory ASV under it:
cd /usr/local/apache_t3.1b1/htdocs
mkdir AVS
cd AVS
mkdir WEB-INF
mkdir WEB-INF/classes
mkdir WEB-INF/classes/WorkshopRequest
mkdir WEB-INF/classes/oscViz
In the top directory of my web application, i.e.,
/usr/local/apache_t3.1b1/htdocs/AVS
I placed all the images, *.jsp, *.css, and *.html files. This was
a small web application, and I did not have to get elaborate
directory structure. In the WEB-INF/classes
I placed JavaBeans needed by the JSP pages.
I then added the following to the
/usr/local/apache_t3.1b1/sources/build/tomcat/conf/tomcat.conf file:
ApJServMount /AVS /root
AuthType Basic
AuthName "For internal users only"
AuthUserFile /usr/local/apache/auth/avspass
AuthGroupFile /usr/local/apache/auth/avspeople
AuthType Basic
require group avs
This tells Apache that the requests to directory:
/usr/local/apache_t3.1b1/htdocs/AVS
(i.e., URLs location http://pse.ccl.net:9080/AVS) should be
redirected to Tomcat for processing, and that Basic Authentication
needs be done for group defined in /usr/local/apache/auth/avspeople
whose id/password pairs are stored in /usr/local/apache/auth/avspass.
The Authentication Realm is "For internal users only".
I also needed to tell Tomcat that we have a new Web application.
I edited file:
/usr/local/apache_t3.1b1/sources/build/tomcat/conf/server.xml
and added there a piece like this:
I also had to provide the web application init file.
My /usr/local/apache_t3.1b1/htdocs/AVS/WEB-INF/web.xml was very simple:
-------------- cut here -----------
-------------- cut here -----------
i.e., take defaults.
I restarted the Apache as:
/usr/local/apache_t3.1b1/bin/apache-tomcat stop
/usr/local/apache_t3.1b1/bin/apache-tomcat startssl
and I was extremely happy when I was clicking on the button
for the form:
http://pse.ccl.net:9080/AVS/workshop_request.html
and
https://pse.ccl.net:9443/AVS/workshop_request.html
Sorry that you will not see it, since it is password protected.
But if you read carefully, you can see this test page which does
nothing, by using another port, and you will not be asked for password.